hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-15 03:39:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,969 Commits 1,758 Branches 167 Tags
codeql-cli/v2.25.3
Commit Graph

86969 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
94fb011b90 Swift: Add change note 2026-04-09 15:17:13 +02:00
Taus
d622dabf3e Python: Add create-extractor-pack.sh for Python 
This allows us to build and test the extractor (for actual QL extraction
-- not just the extractor unit tests) entirely from within the
`github/codeql` repo, just as we do with Ruby. All that's needed is a
`--search-path` argument that points to the repo root.
 2026-04-09 13:06:45 +00:00
Jeroen Ketema
21937c2415 Swift: Add dbscheme upgrade and downgrade scripts 2026-04-09 15:05:30 +02:00
Jeroen Ketema
7879d0a006 Swift: Fix OpaqueTypeArchetypeType name mangling 2026-04-09 15:05:28 +02:00
Jeroen Ketema
34b626e8bb Swift: Update expected integration test results 2026-04-09 15:05:27 +02:00
Jeroen Ketema
d09e2f66cd Swift: Assign indexes to fileprivate ValueDecls 
At least in the case of function declarations there can be multiple
identical ones within the same module, causing data set check errors
if not differentiated.
 2026-04-09 15:05:16 +02:00
Tom Hvitved
33cc887be0 Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow 
Data flow: Add hook for preventing lambda dispatch in source call contexts
 2026-04-09 13:44:42 +02:00
Geoffrey White
e72c116664 Rust: Proposed improved solution. 2026-04-09 11:18:25 +01:00
Tom Hvitved
d704b753c8 Fix CP in typeFlowParamType 
Forgot to link `p` with `c` using `nodeEnclosingCallable(p, c)`.
 2026-04-09 09:19:55 +02:00
dependabot[bot]
7833a0a2e8 Bump gazelle from 0.47.0 to 0.50.0 
Bumps [gazelle](https://github.com/bazel-contrib/bazel-gazelle) from 0.47.0 to 0.50.0.
- [Release notes](https://github.com/bazel-contrib/bazel-gazelle/releases)
- [Commits](https://github.com/bazel-contrib/bazel-gazelle/compare/v0.47.0...v0.50.0)

---
updated-dependencies:
- dependency-name: gazelle
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 03:08:02 +00:00
Geoffrey White
95681bfad4 Rust: Fix performance issue with File.fromSource. 2026-04-08 15:04:03 +01:00
Jeroen Ketema
7bf78de167 Swift: Fix AnyFunctionType name mangling 2026-04-08 15:53:24 +02:00
Kristen Newbury
fb0ee5b987 Merge pull request #21640 from knewbury01/knewbury01/adjust-actions-queries-alerts 
Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
 2026-04-08 09:44:00 -04:00
Jeroen Ketema
f7de0abe60 Swift: Fix BuiltinFixedArrayType mangling 2026-04-08 15:41:57 +02:00
Kristen Newbury
7b7411f7df Change alert location CWE-829/ArtifactPoisoning queries 2026-04-08 08:57:45 -04:00
Jeroen Ketema
5eb8db0d48 Swift: Update expected QL test results after 6.3 update 2026-04-08 13:21:33 +02:00
Jeroen Ketema
6b2494c3e5 Swift: Update generated files 2026-04-08 13:21:03 +02:00
Jeroen Ketema
d473c7143d Swift: Update schema 2026-04-08 13:20:06 +02:00
Jeroen Ketema
fd83515843 Swift: Make extractor compile 2026-04-08 13:19:40 +02:00
Jeroen Ketema
2fbfcb970e Swift: Use Swift 6.3 artifacts 2026-04-08 13:19:00 +02:00
Taus
e3688444d7 Python: Also exclude class scope 
Changing the `locals()` dictionary actually _does_ change the attributes
of the class being defined, so we shouldn't alert in this case.
 2026-04-07 23:46:03 +02:00
Taus
8d79248ea7 Python: Port ModificationOfLocals.ql 2026-04-07 23:46:03 +02:00
Taus
16683aee0e Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query 
Python: Improve "bind all interfaces" query
 2026-04-07 17:59:48 +02:00
Jeroen Ketema
e7d3eedc80 Merge pull request #21661 from jketema/autoconf 
C++: Add heuristic for GNU autoconf config files
 2026-04-07 15:38:06 +02:00
Taus
4cb238f1af Merge pull request #21598 from github/tausbn/python-port-should-use-with 
Python: Port ShouldUseWithStatement.ql
 2026-04-07 14:16:41 +02:00
Geoffrey White
b21dba6131 C++: Update code scanning suite .expected. 2026-04-07 13:06:34 +01:00
Geoffrey White
201af3fffc C++: Update code scanning suite .expected. 2026-04-07 12:59:31 +01:00
Geoffrey White
f2292643a3 C++: Update code scanning suite .expected. 2026-04-07 12:53:53 +01:00
Geoffrey White
3769a8a482 C++: Update code scanning suite .expected. 2026-04-07 12:51:56 +01:00
Mathias Vorreiter Pedersen
5e145aa27d Merge pull request #21631 from MathiasVP/expose-fwd-stage-1 
Dataflow: Expose stage 1's `fwdFlow`
 2026-04-07 11:29:56 +01:00
Mathias Vorreiter Pedersen
e06294bcb4 Shared: Respond to review comments. 2026-04-07 11:11:04 +01:00
Idriss Riouak
39f92e992a Merge pull request #21494 from github/idrissrio/java/jdk26 
Java: Accept new test results after JDK 26 extractor upgrade
 2026-04-07 12:03:36 +02:00
Tom Hvitved
0d4524f8f3 Address review comments 2026-04-07 11:40:10 +02:00
Tom Hvitved
1e1a8732a3 Data flow: Add hook for preventing lambda dispatch in source call contexts 2026-04-07 11:40:08 +02:00
Tom Hvitved
eb64fcd208 C#: Add test that shows unintended flow summary generation 2026-04-07 11:40:07 +02:00
Jeroen Ketema
04cfd37f53 C++: Fix comments in tests 2026-04-07 10:52:12 +02:00
Jeroen Ketema
b19c648965 C++: Add heuristic for GNU autoconf config files 2026-04-07 10:43:15 +02:00
Michael Nebel
e259ebe258 Merge pull request #21627 from michaelnebel/csharp/cleanup 
C#: Deprecate get[L|R]Value predicates.
 2026-04-07 10:23:59 +02:00
idrissrio
6f199b90ba Java: Accept new test results for JDK 26 
Accept new ByteOrder.getEntries, List.ofLazy, and Map.ofLazy entries
in kotlin2 test expected files.
 2026-04-07 09:28:25 +02:00
idrissrio
3ccbd8032c Java: Accept new test results for JDK 26 
JDK 26 added ofLazy methods to List, Map, and Set collections.
Update expected test output to include these new methods.
 2026-04-07 09:28:23 +02:00
idrissrio
5a6eb79470 Java: Pin CWE-676 test to --release 25 
Thread.stop() was removed in JDK 26. Pin the test to --release 25.
 2026-04-07 09:28:22 +02:00
idrissrio
74b0e8c19a Java: Accept new test results after JDK 26 extractor upgrade 2026-04-07 09:28:20 +02:00
Tom Hvitved
7d184d0c7f Merge pull request #21206 from hvitved/rust/type-inference-closure-param-context-typed 
Rust: Infer argument types based on trait bounds on parameters
 2026-04-07 09:17:30 +02:00
github-actions[bot]
242090e0ac Post-release preparation for codeql-cli-2.25.2 2026-04-06 13:49:20 +00:00
Óscar San José
868ccfbb04 Merge pull request #21657 from github/release-prep/2.25.2 
Release preparation for version 2.25.2
codeql-cli/v2.25.2 		2026-04-06 12:50:52 +02:00
github-actions[bot]
4fe2f6d2b4 Release preparation for version 2.25.2 2026-04-06 10:30:38 +00:00
Mario Campos
fb8b5699f2 Merge pull request #21639 from github/mario-campos/test-go-registries 
Add tests for multiple Git sources and GoProxy servers in registry config parsing
 2026-04-02 11:12:51 -05:00
Kristen Newbury
41714656ec Adjust alert messages actions CWE-829 2026-04-02 11:58:58 -04:00
Kristen Newbury
e69e30aa84 Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium] 2026-04-02 11:32:37 -04:00
Mario Campos
fb871cdfb8 Add tests for multiple Git sources and GoProxy servers in registry config parsing 2026-04-02 10:12:48 -05:00